Up next in 10
Cybersecurity is crucial for pipeline safety. Coordination between PHMSA, CISA, and TSA is essential to protect pipelines from cyberattacks and ransomware incidents that could impact critical infrastructure. We must remain vigilant. #cybersecurity #pipelinesafety #CISA #TSA #infrastructure
Show More Show Less View Video Transcript
0:00
ired and the chair now recognizes the g
0:02
gentleman from Alabama's sixth district
0:04
for five minutes for questions.
0:05
Thank you, Mr. Chairman. And um I'll
0:07
allow you to answer that question from
0:09
Miss Mlullen. That's in line with
0:12
some of my questions.
0:16
Um well, I will say um that cyber
0:18
security is not really in the wheelhouse
0:20
of pipeline safety for our organization.
0:22
It's more of a reliability issue. So, we
0:25
don't really dig into the into the uh
0:27
weeds on it. Um the the way we've
0:30
approached it is the integrity
0:31
management program for high consequence
0:33
areas uh requires an operator to
0:35
identify all potential threats against
0:37
the pipeline, create a plan to mitigate
0:39
against those threats and implement that
0:41
plan and cyber security threats um
0:43
should be considered one of those
0:45
threats um and FISA could adopt some
0:48
specific standards within integrity
0:50
management. Um to the rest of your
0:52
question as far as agency coordination
0:54
is is beyond my expertise.
0:56
Mr. Well, I I'd like uh for you to take
0:58
a shot at that question as well, but
1:02
back in 2021, we had a ransomware attack
1:05
on on the Colonial Pipeline, which was
1:07
in my district. And uh there there have
1:10
been multiple attacks at various healthc
1:12
care facilities around the country. And
1:14
and as more pipeline networks enter uh
1:18
become part of that equation, the threat
1:20
of another attack is very much a real
1:22
possibility whether it's fuel line like
1:24
the Colonial Pipeline or or other
1:26
pipelines.
1:28
Can you address what where you think we
1:31
are in terms of protecting our pipelines
1:34
from cyber attacks and and and what we
1:38
need to do to protect them?
1:39
Glad to address both of you. Cyber
1:41
security is very important to pipelines.
1:43
Like any Fortune 500 company, pipeline
1:46
operators need to maintain safeguards to
1:49
protect their commercial systems and
1:50
their operational systems. We'll do that
1:53
in concert with the uh transportation
1:55
security administration working with
1:57
them on cyber directives. I believe you
1:59
asked about CISA reauthorization. LEPA
2:01
supports reauthorization and
2:02
reauthorization of SISA. That will give
2:05
pipeline operators the opportunity a
2:06
safe place to work with governments to
2:08
talk about threats. Uh it's quite
2:10
important that FIMSA coordinate with
2:13
those with cyber security expertise to
2:15
make sure that anything that FIMSA does
2:17
is in concert with what they know about
2:19
how to do cyber security for pipelines
2:22
which quickly evolving technologies and
2:24
threats very important.
2:26
So are you hearing much on that u from
2:29
industry?
2:30
Um every day we know there are attempts
2:33
to breach of breaches. Uh I participate
2:35
in classified briefings from government.
2:38
We must always have our guard on
2:39
pipeline safety. Thankfully, there are
2:41
recommended practices. There are uh
2:43
interactions with government and experts
2:46
to try and improve that. We can never be
2:49
uh stop our vigilance.
2:51
Do you feel like FIMSA is is
2:54
weighing in on this properly? They're
2:56
doing their part or is there's do we
2:59
need to be doing more?
3:00
FIMSA is not key on cyber security and I
3:02
think that's okay. Real work with SIZA
3:05
and with TSA. We need FIMSA to make sure
3:07
they're talking with them. Many of these
3:09
briefings, FIMSA is a part of those.
3:11
That coordination should be done right
3:13
to make sure there's not conflicts and
3:15
overlapping and pipeline operators being
3:17
told to do two different things. We need
3:19
to make sure we're doing that right.
3:20
Do we know if these are just in the
3:22
ransomware attack situation with
3:24
Colonial Pipeline? That was just people
3:26
trying to extort money. But do we have
3:30
nation state uh uh involved in this or
3:33
or or people who are being given safe
3:36
harbors? We know they are in China and
3:39
Russia and other places to to launch
3:41
these attacks. Is there any
3:42
public setting generally? Yes. And I I
3:44
know there's people I can encourage you
3:46
to talk to in government that can help
3:47
you more. But we must be vigilant and
3:50
must be working on this well every
3:52
Yeah. My concern about this transcends
3:54
the pipelines. I mean, it's the critical
3:56
infrastructure across the country that
3:58
could be subject to a cyber attack,
4:01
whether it's a ransomware attack or or,
4:03
you know, from a state sponsored
4:07
terrorist group. I mean, it could be
4:08
could be anything. And I think that our
4:13
u our grid in its totality, not just the
4:16
power grid, but the entire totality of
4:19
the grid, whether it's pipelines or
4:21
power, is we we've got to make this a
4:23
very serious issue, a top priority.
4:26
We Americans use all these forms of
4:28
energy every day and we can't afford to
4:30
have something down from a cyber
4:31
incident. You're absolutely right. Thank
4:33
you for paying attention to that.
4:34
Well, I appreciate your response, Mr.
4:37
Chairman. yield back.
#Computers & Electronics